v3-schema: Add new ipaExternalGroup objectclass

This construct allows to have a group of ipaExternalMember attributes, that can
be nested in a normal ipa Group ('memberOf' is allowed).

It cannot contain normal ipa users/groups and cannot be nested with another
group of the same type ('member' is not allowed).

install/share/60basev3.ldif

@@ -0,0 +1,8 @@
+## IPA Base OID:	2.16.840.1.113730.3.8
+##
+## Attributes:		2.16.840.1.113730.3.8.11 - V2 base attributres
+## ObjectClasses:	2.16.840.1.113730.3.8.12 - V2 base objectclasses
+##
+dn: cn=schema
+attributeTypes: (2.16.840.1.113730.3.8.11.1 NAME 'ipaExternalMember' DESC 'External Group Member Identifier' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v3' )
+objectClasses: (2.16.840.1.113730.3.8.12.1 NAME 'ipaExternalGroup' SUP top STRUCTURAL MUST ( cn ) MAY ( ipaExternalMember $ memberOf $ description $ owner) X-ORIGIN 'IPA v3' )

install/share/Makefile.am

@@ -7,6 +7,7 @@ app_DATA =				\
 	60samba.ldif			\
 	60ipaconfig.ldif		\
 	60basev2.ldif			\
+	60basev3.ldif			\
 	60ipadns.ldif			\
 	60ipasudo.ldif			\
 	anonymous-vlv.ldif		\

ipaserver/install/dsinstance.py

@@ -402,6 +402,7 @@ class DsInstance(service.Service):
                              "60samba.ldif",
                              "60ipaconfig.ldif",
                              "60basev2.ldif",
+                             "60basev3.ldif",
                              "60ipadns.ldif",
                              "60ipasudo.ldif"):
             target_fname = schema_dirname(self.serverid) + schema_fname